In order to protect any sensitive data on my work laptop, I use full-drive encryption. To aid recovery in case of theft, it normally boots to a honeypot installation of Windows with Prey installed. To boot into Linux, one must use a USB boot disk[1] which contains the contents of /boot.

Once in a while, it is necessary to upgrade the kernel. I don't do this very often, so it seems like the sort of process which should be documented.

Mount /boot read-write: `mount -o rw /boot`
I generally have /boot mounted read-only, in part because I don't usually
have the thumbdrive plugged in (I don't boot very often, after all), and
to ensure I don't accidentally make changes to it without being prepared
to undergo this full process.

Assuming both boot disks successfully boot the machine with the updated kernel, congratulations! You have successfully updated the kernel!

[1] It's not quite as much a waste of a thumbdrive as you might think. The sticks have a FAT partition of ~90% or so of the advertised capacity, so they can still be used to transfer files between computers or for data storage.

In this article you mention booting from a usb device containg /boot partition I've scoured google and have yet to find any referance to this process other than your blog. I was looking fora tutorial todo such a thing and was wondering if you would mind putting together some kimd of instructions. Thanks in advance. Regards Barry

It was a while ago, so my memory's a bit hazy, but I'm pretty sure all I did was tell the Debian installer to make a partition on /dev/usbN and put /boot there. Next time I install a machine with a USB boot disk I'll write down what I did, but it's not something I do regularly.

Though the backup boot thumbdrive was a bit more involved. IIRC, had to run grub-install for that (presumably I could have just copied the raw device of the original stick onto the backup, but that did not occur to me at the time).